CVE-2025-54595: CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in alienator88 Pearcleaner

Severity: High
Type: Vulnerability
Tags: cve, cve-2025-54595, cwe-78, cwe-269
Published: Fri Aug 01 2025 (08/01/2025, 18:06:23 UTC)
Source: CVE Database V5
Vendor/Project: alienator88
Product: Pearcleaner

Description

Pearcleaner is a free, source-available and fair-code licensed mac app cleaner. The PearcleanerHelper is a privileged helper tool bundled with the Pearcleaner application. It is registered and activated only after the user approves a system prompt to allow privileged operations. Upon approval, the helper is configured as a LaunchDaemon and runs with root privileges. In versions 4.4.0 through 4.5.1, the helper registers an XPC service (com.alienator88.Pearcleaner.PearcleanerHelper) and accepts unauthenticated connections from any local process. It exposes a method that executes arbitrary shell commands. This allows any local unprivileged user to escalate privileges to root once the helper is approved and active. This issue is fixed in version 4.5.2.

AI-Powered Analysis

Last updated: 08/01/2025, 18:32:43 UTC

Technical Analysis

CVE-2025-54595 is a high-severity OS command injection vulnerability affecting the Pearcleaner macOS application, specifically its privileged helper tool PearcleanerHelper. PearcleanerHelper is designed to perform privileged operations on behalf of the user after explicit approval via a system prompt. Once approved, the helper runs as a LaunchDaemon with root privileges and registers an XPC service (com.alienator88.Pearcleaner.PearcleanerHelper) that accepts unauthenticated connections from any local process. The vulnerability arises because this XPC service exposes a method that executes arbitrary shell commands without proper sanitization or authentication. Consequently, any local unprivileged user can connect to this service and execute arbitrary commands with root privileges, effectively escalating their privileges. This issue affects Pearcleaner versions 4.4.0 through 4.5.1 and is resolved in version 4.5.2. The CVSS v3.1 score is 7.3 (High), reflecting the vulnerability's significant impact on confidentiality, integrity, and availability, combined with relatively low attack complexity but requiring user interaction to approve the helper's privileged status. No known exploits are currently reported in the wild. The root cause is improper neutralization of special elements in OS commands (CWE-78) and improper privilege management (CWE-269).

Potential Impact

For European organizations using Pearcleaner on macOS systems, this vulnerability poses a serious risk of local privilege escalation. An attacker with local access—such as an insider threat, a compromised user account, or malware operating with user-level permissions—can exploit this flaw to gain root-level control. This could lead to full system compromise, unauthorized access to sensitive data, installation of persistent malware, or disruption of system availability. Organizations relying on macOS for critical workflows or handling sensitive information are particularly at risk. The requirement for user approval to activate the helper limits remote exploitation but does not mitigate insider threats or attacks leveraging social engineering to gain user consent. The vulnerability could also be leveraged in multi-user environments or shared workstations common in European enterprises, increasing the attack surface. Given the high severity and the privileged nature of the helper, the impact on confidentiality, integrity, and availability is substantial.

Mitigation Recommendations

1. Immediate upgrade to Pearcleaner version 4.5.2 or later, where the vulnerability is fixed, is the most effective mitigation.
2. Until upgrade, restrict local user access to systems running vulnerable Pearcleaner versions to trusted personnel only.
3. Monitor and audit the activation of the PearcleanerHelper LaunchDaemon and the approval prompts to detect unauthorized approvals.
4. Employ macOS security features such as System Integrity Protection (SIP) and Endpoint Detection and Response (EDR) tools to detect anomalous privilege escalations or unauthorized command executions.
5. Consider removing or disabling PearcleanerHelper if not essential, or replacing Pearcleaner with alternative macOS cleaning tools that do not require privileged helpers.
6. Educate users about the risks of approving privileged operations and implement policies to minimize unnecessary approvals.
7. Use application whitelisting and restrict execution of unknown or untrusted local processes to reduce the risk of exploitation by local attackers.
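
A triage script for recommendations 1 and 3, added here as an example and not taken from the advisory or the Pearcleaner project: it classifies an installed version against the affected range (4.4.0 through 4.5.1, fixed in 4.5.2) and reports whether the helper is loaded. The default application path and the use of the XPC service name as the launchd label are assumptions.

```bash
#!/bin/sh
# Added example: triage one Mac for CVE-2025-54595 exposure.
SERVICE="com.alienator88.Pearcleaner.PearcleanerHelper"  # XPC service name from the advisory
FIRST_AFFECTED="4.4.0"   # first affected version per the advisory
FIXED="4.5.2"            # first fixed version per the advisory

# ver_lt A B: succeeds when dotted version A sorts strictly before B.
# Missing components count as 0 (4.5 == 4.5.0); suffixes like "-beta" are ignored.
ver_lt() {
    a=$1; b=$2
    while [ -n "$a$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        if [ "$a" = "$x" ]; then a=; else a=${a#*.}; fi
        if [ "$b" = "$y" ]; then b=; else b=${b#*.}; fi
        x=${x%%[!0-9]*}; y=${y%%[!0-9]*}
        [ "${x:-0}" -lt "${y:-0}" ] && return 0
        [ "${x:-0}" -gt "${y:-0}" ] && return 1
    done
    return 1
}

# classify_version V: prints below-range, affected, or fixed.
classify_version() {
    if ver_lt "$1" "$FIRST_AFFECTED"; then echo "below-range"
    elif ver_lt "$1" "$FIXED"; then echo "affected"
    else echo "fixed"
    fi
}

check_host() {
    app=${1:-/Applications/Pearcleaner.app}   # assumption: default install location
    if [ ! -d "$app" ]; then echo "Pearcleaner not found at $app"; return 0; fi
    v=$(defaults read "$app/Contents/Info" CFBundleShortVersionString 2>/dev/null)
    case $v in
        [0-9]*) echo "Pearcleaner $v: $(classify_version "$v")" ;;
        *)      echo "Pearcleaner version unreadable; inspect manually" ;;
    esac
    # Assumption: the LaunchDaemon label matches the XPC service name.
    if launchctl print "system/$SERVICE" >/dev/null 2>&1; then
        echo "helper is loaded in the system domain"
    else
        echo "helper not loaded under label $SERVICE"
    fi
}

# Only probe the host on macOS; the functions above work anywhere.
if [ "$(uname -s)" = Darwin ]; then check_host "$@"; fi
```

A result of "affected" together with a loaded helper is the combination the advisory describes as exploitable by any local user; "below-range" means the version predates the range the advisory lists.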

Technical Details

Data Version: 5.1
Assigner Short Name: GitHub_M
Date Reserved: 2025-07-25T16:19:16.095Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 688d04c8ad5a09ad00cb1883

Added to database: 8/1/2025, 6:17:44 PM

Last enriched: 8/1/2025, 6:32:43 PM

Last updated: 8/2/2025, 4:42:41 AM
